XML Parser Toolkit
Expat is an XML 1.0 parser written in C. It aims to be fully
conformant. It is currently not a validating XML processor. The current
production version of expat can be downloaded from
ftp://ftp.jclark.com/pub/xml/expat.zip. The directory xmltok contains a
low-level library for tokenizing XML. The interface is documented in
xmltok/xmltok.h. The directory xmlparse contains an XML parser library
that is built on top of the xmltok library. The interface is documented
in xmlparse/xmlparse.h. The directory sample contains a simple example
program using this interface. The file sample/build.bat is a batch
file to build the example using Visual C++. The directory xmlwf
contains the xmlwf application, which uses the xmlparse library. The
arguments to xmlwf are one or more files to check for well-formedness.
An option -d dir can be specified. For each well-formed input file, the
corresponding canonical XML is written to dir/f, where f is the
filename (without any path) of the input file. A -x option causes
references to external general entities to be processed. A -s option
makes documents that are not stand-alone cause an error (a document is
considered stand-alone if it is intrinsically stand-alone because it
has no external subset and no references to parameter entities in the
internal subset or it is declared as stand-alone in the XML
declaration).
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout SUSE:SLE-15-SP4:GA/expat && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| baselibs.conf | 0000000179 179 Bytes | |
| expat-2.4.4.tar.xz | 0000449448 439 KB | |
| expat-2.4.4.tar.xz.asc | 0000000833 833 Bytes | |
| expat.changes | 0000038889 38 KB | |
| expat.spec | 0000003490 3.41 KB | |
| expatfaq.html | 0000003117 3.04 KB |
Revision 3 (latest revision is 4)
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 3)
- Update to latest version 2.4.4 in SLE-15-SP4 [jsc#SLE-21253]
- update to 2.4.4 (bsc#1195217, bsc#1195054):
* Security fixes:
- CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
- CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
* Bug fixes:
- xmlwf: Fix a memory leak on output file opening error
* Other changes:
- Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
* Drop unused file valid-xhtml10.png
- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
Comments 0